<?php
/*
 * Access gate for this admin page (original banner: you must be logged in as
 * admin to be able to see the page).
 * NOTE(review): the actual check lives in includes/auth.php, which is not
 * visible here - confirm it terminates the request for anyone who is not an
 * authenticated admin, because nothing further down in this file re-checks
 * the session.
 */

// The session is started first, then the authentication include is loaded.
session_start();
require_once 'includes/auth.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Product bewerken</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <link type="text/css" href="../css/pagination.css" rel="stylesheet" />
  <link rel="stylesheet" href="../css/reset.css" type="text/css" />
  <link rel="stylesheet" href="../css/960.css" type="text/css" />
  <link rel="stylesheet" href="../css/text.css" type="text/css" />
  <link type="text/css" href="../css/tablesorter.css" rel="stylesheet" />
  <link type="text/css" href="../css/sunny/jquery-ui-1.8.custom.css" rel="stylesheet" />
  <link type="text/css" href="../css/jquery.autocomplete.css" rel="stylesheet" />
  <link type="text/css" href="../css/style.css" rel="stylesheet" />
  <link type="text/css" href="../css/accmenu.css" rel="stylesheet" />
<script type="text/javascript" src="../js/jquery-1.4.2.min.js">
</script>
<script type="text/javascript" src="../js/jquery-ui-1.8.custom.min.js">
</script>
<script type="text/javascript" src="../js/jquery.tablesorter.js">
</script>
<script type="text/javascript" src="../js/jquery.autocomplete.min.js">
</script>
<script type="text/javascript" src="../js/menu.js">
</script>
</head>

<body>
  <div class="container_12">
    <div id="header" class="grid_12">

    </div>

    <div class="clear"></div>

    <div class="grid_12 spacer"></div>

    <div class="clear"></div>

    <div id="menu" class="grid_2">

        <?php
        // Pull in temp/menu_filler.php inside the #menu column
        // (presumably it prints the navigation markup - confirm in that file).
        include_once('temp/menu_filler.php');
        ?>


    </div>

    <div id="adminarea" class="grid_10">
        <div id="tableholder">

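                  <?php

                  /*
                   * Edit-product page body.
                   *
                   * Without a "submit" POST field: reads ?id= from the URL, loads that row
                   * from the product table and prints a pre-filled edit form that posts
                   * back to this script.
                   * With a "submit" POST field: writes the posted values back to the row.
                   *
                   * Every request value is treated as untrusted: ids must be digit-only
                   * strings, text values are escaped for SQL before they enter the UPDATE,
                   * and everything echoed into the form is HTML-escaped.
                   *
                   * NOTE(review): the UPDATE is a state-changing POST with no anti-CSRF
                   * token, so it relies entirely on the session check in includes/auth.php.
                   * Consider adding a per-session token to the form and verifying it here.
                   * NOTE(review): ext/mysql (mysql_*) was removed in PHP 7; moving to
                   * mysqli or PDO prepared statements would replace the manual escaping
                   * below. That depends on includes/connect.php, which is not visible here.
                   */

                  // Open the database connection used by the mysql_* calls below.
                  include 'includes/connect.php';

                  if (!isset($_POST['submit'])) {
                      // Digits-only check instead of is_numeric(): is_numeric() also accepts
                      // floats, exponents and leading whitespace, and is_string() rejects
                      // array input such as ?id[]=1.
                      if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) {
                          $id = $_GET['id'];
                      } else {
                          // Stop the script when the id is not a plain non-negative integer.
                          die("<b>Error:</b> Hacking attempt!!! ");
                      }

                      // $id holds digits only at this point, so concatenation is safe here.
                      $query = "SELECT * FROM product WHERE productid=" . $id . " ";
                      $result = mysql_query($query);
                      if (!$result) {
                          // Keep the driver error in the server log rather than in the response.
                          error_log('Product edit: SELECT failed: ' . mysql_error());
                          die("the query returned an error");
                      }

                      // Same as the original loop: the last fetched row wins.
                      $product = null;
                      while ($row = mysql_fetch_array($result)) {
                          $product = $row;
                      }
                      if ($product === null) {
                          // Previously an unknown id printed a form full of undefined variables.
                          die("<b>Error:</b> Product niet gevonden.");
                      }

                      // Fixed '.' decimal point and no thousands separator, so the value
                      // survives the round trip through the text input back into the UPDATE.
                      $std = number_format((float) $product['stdprijs'], 2, '.', '');
                  ?>

                  <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="POST">
                  ProductID: <?php echo $id; ?> <input type="hidden" name="productid" value="<?php echo $id; ?>" /> <br />
                  Productnaam: <input type="text" name="productnaam" value="<?php echo htmlspecialchars((string) $product['productnaam'], ENT_QUOTES, 'UTF-8'); ?>" /><br />
                  Omschrijving: <input type="text" name="omschrijving" value="<?php echo htmlspecialchars((string) $product['omschrijving'], ENT_QUOTES, 'UTF-8'); ?>" /><br />
                  Voorraad: <input type="text" name="voorraad" value="<?php echo htmlspecialchars((string) $product['voorraad'], ENT_QUOTES, 'UTF-8'); ?>" /><br />
                  Prijs: &euro;<input type="text" name="stdprijs" value="<?php echo htmlspecialchars($std, ENT_QUOTES, 'UTF-8'); ?>" /><br />
                  Categorie: <input type="text" name="categorie" value="<?php echo htmlspecialchars((string) $product['categorie'], ENT_QUOTES, 'UTF-8'); ?>" /><br />
                  <input type="submit" name="submit" value="submit" />
                  </form>
              <?php
                  } else {
                      // Every field the UPDATE uses must be present and a plain string
                      // (an array value such as productnaam[]=x is rejected).
                      $fields = array('productid', 'productnaam', 'omschrijving', 'voorraad', 'stdprijs', 'categorie');
                      $input = array();
                      foreach ($fields as $field) {
                          if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
                              die("<b>Error:</b> Hacking attempt!!! ");
                          }
                          $input[$field] = $_POST[$field];
                      }

                      // The row id gets the same digits-only rule as on the GET path.
                      if (!ctype_digit($input['productid'])) {
                          die("<b>Error:</b> Hacking attempt!!! ");
                      }

                      // Values stay quoted string literals as before, but are escaped first.
                      // NOTE(review): mysql_real_escape_string() is only charset-aware when
                      // the connection charset was set with mysql_set_charset(); confirm
                      // that in includes/connect.php.
                      $sql = sprintf(
                          "UPDATE product SET productnaam='%s',omschrijving='%s',voorraad='%s',stdprijs='%s',categorie='%s' WHERE productid='%s'",
                          mysql_real_escape_string($input['productnaam']),
                          mysql_real_escape_string($input['omschrijving']),
                          mysql_real_escape_string($input['voorraad']),
                          mysql_real_escape_string($input['stdprijs']),
                          mysql_real_escape_string($input['categorie']),
                          $input['productid']
                      );

                      if (!mysql_query($sql)) {
                          // Keep the driver error in the server log rather than in the response.
                          error_log('Product edit: UPDATE failed: ' . mysql_error());
                          die('Error: de wijziging kon niet worden opgeslagen.');
                      }
                      echo "Product gewijzigd!";
                      echo "<br />";
                      // The link is now closed and its href carries no stray spaces.
                      echo "<a href=\"manage_prod.php\">Terug naar Productbeheer</a>";
                  }

              ?>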

        </div>
    </div>


    <div class="clear"></div>

    <div class="grid_12 spacer"></div>

    <div class="clear"></div>
</div>
</body>
</html>